CVE-2022-49104
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's vchiq_core component. An attacker could cause a kernel panic or system crash by providing an invalid handle to the find_service_by_handle function. This affects Linux systems using the staging vchiq_core driver, particularly those with Broadcom VideoCore hardware.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service (system crash) with potential data loss or corruption.
Likely Case
Local denial of service through kernel panic, requiring physical or remote reboot.
If Mitigated
Minimal impact if system has proper privilege separation and the vulnerable driver isn't loaded.
🎯 Exploit Status
Requires local access to trigger the vulnerable code path. Exploitation depends on being able to interact with the vchiq interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits listed in references
Vendor Advisory: https://git.kernel.org/stable/c/04202f54dd8899e10f56a89c4c1ede0043fa22af
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the fix commits from kernel.org. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable vchiq_core driver
linuxPrevent loading of the vulnerable staging driver if not needed
echo 'blacklist vchiq' >> /etc/modprobe.d/blacklist.conf
rmmod vchiq
🧯 If You Can't Patch
- Restrict local access to systems using vchiq driver
- Implement strict privilege separation to limit who can interact with kernel interfaces
🔍 How to Verify
Check if Vulnerable:
Check if vchiq module is loaded: lsmod | grep vchiq. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions. Confirm vchiq module version if updated separately.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors mentioning vchiq
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND "vchiq"🔗 References
- https://git.kernel.org/stable/c/04202f54dd8899e10f56a89c4c1ede0043fa22af
- https://git.kernel.org/stable/c/3b424f6586a870b8d657c5e5419465bbe0e7b61f
- https://git.kernel.org/stable/c/42f2142a337ee372455574809fc924580a7e51b2
- https://git.kernel.org/stable/c/aa0b7296785312a4bfa8fac0ba8ad78698fd9fcf
- https://git.kernel.org/stable/c/ca225857faf237234d2fffe5d1919467dfadd822
